thierry brunet - it best practices & frameworks overview
DESCRIPTION
TRANSCRIPT
eMedia Technologie
IT Best practices overview, mapping and implementationThierry Brunet, Director Associates
10/04/23
The Legacy Modernization Company
Agenda
10/04/23
IT Best practices, Frameworks & Standards COBIT 4.1 ITIL V2 and V3 CMM-i Mappings Implementations and Change Management Benefits of IT Best practices Implementation eMedia Technologie presentation
IT Best Practices, Framework, & Standards
overview“the quality of a system or product is highly influenced by the quality of the process used to develop and maintain it,”
(SEI)
10/04/23
Stabilizing IT with Process Methodologies
IT organization activity
Continuous Improveme
nt
Point Improveme
nt
Certification and
documentation
Schema
Planning Decision Developpement and Acquisition
Deployement
Exploitation
IT Best practices roles
10/04/23
COBIT 4.1
10/04/23
What is COBIT? COBIT (Control Objectives for IT) is a
Framework• Defines IT Processes, Goals and Metrics• Defines Maturity Levels for each Process• Defines Responsibilities for each Process• Provides Management guidelines• Mapped with other frameworks (Coso, ITIL,
CMMi, ISO20000, ISO2700-x…)
10/04/23
COBIT 4.1
10/04/23
Defined Responsibilities for Each Process
RACI Chart A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.
10/04/23
COBIT 4.1 Tools
10/04/23
COBIT Certifications Enterprise and Individual certifications CISA (Certified Information Systems Auditor) ISACA certification Certifications helps company to reach a level
of IT Governance, and IT Compliance requested by : SOX, BASLE II, Solvency II,…
10/04/23
ITIL (Information Technology Information Library)
10/04/23
Origin of ITIL• British Government’s effort to improve IT
management • Developed by in the late 1980’s• Originally, a library of over 40 books that
documented various IT Service areas, processes and standards
• Today, a library of 8 books, under the auspices of OGC
10/04/23
ITIL V2 Process Reference Framework
FinancialManagementfor IT services
Capacity Management
Availability Management
IT Service ContinuityManagement
IncidentManagement Problem Management
Change Management
Configuration Management
Release Management
ITInfrastructureITInfrastructure
security
security
Service DeskService Desk
Service Level Management
Service reportsIncident statistics
Audit reports
CMDB
IncidentManagement
ProblemManagement Change
Management ReleaseManagement
ConfigurationManagement
IncidentsProblems
Known ErrorsChanges Releases
CIsRelationships
Incidents
ManagementTools
CMD reportsCMDB statisticsPolicy/standards
Audit reports
Incidents
Service Desk
DifficultiesQueriesEnquires
CommunicationsUpdates
Work-arounds
Customersurvey reports
Changes
Releases
The Business, Customers, or Users
Release scheduleRelease statisticsRelease reviewsSecure library
Testing StandardsAudit reports
Change scheduleCAB minutes
Change statisticsChange reviews
Audit reports
Problem statisticsTrend analysis
Problem reportsProblem reviewsDiagnostic aidsAudit reports
THE SERVICE SUPPORTPROCESS MODEL
10/04/23
MaintainabilityReliability
ServiceabilityStatistics&incidents
Audit reports
CMDB
AvailabilityManagement
CapacityManagement Business
ContinuityManagement Financial
Management
ConfigurationManagement
IncidentsProblems
Known ErrorsChanges Releases
CIsRelationships
Incidents Incidents
(SLM)Service Desk
DifficultiesQueriesEnquires
CommunicationsUpdates
Workarounds
Customersurvey reports
StandardsStatisticsReports
Audit reports
ReviewsPlansTests
Audit reports
Performance statistics&incidents
PlansTrend analysisDiagnostic aidsAudit reports
THE SERVICE DELIVERYPROCESS MODEL
CMD reportsCMDB statisticsPolicy/standards
Audit reports
The Business, Customers, or Users
10/04/23
ITIL V3 reference framework
10/04/23
Certifications Individual
ITIL Foundation ITIL Practitioner ITIL Service Manager
10/04/23
ISO 20000
10/04/23
CMMI-DEV
CMMI-ACQ – CMMI-SERV
10/04/23
CMMI-DEV Processes
10/04/23
Causal Analysis and Resolution (CAR) Configuration Management (CM) Decision Analysis and Resolution (DAR) Integrated Project Management (IPM) Measurement and Analysis (MA) Organizational Process Definition (OPD) Organizational Process Focus (OPF) Organizational Performance
Management (OPM) Organizational Process Performance
(OPP) Organizational Training (OT) Product Integration (PI)
Project Monitoring and Control (PMC) Project Planning (PP) Process and Product Quality Assurance
(PPQA) Quantitative Project Management
(QPM) Requirements Development (RD) Requirements Management (REQM) Risk Management (RSKM) Supplier Agreement Management
(SAM) Technical Solution (TS) Validation (VAL) Verification (VER)
CMMI Staged Representation - 5 Maturity Levels
Level 5
Initial
Level 1
Processes are unpredictable, poorly controlled, reactive.
Managed
Level 2
Processes are planned, documented, performed, monitored, and controlled at the project level. Often reactive.
Defined
Level 3 Processes are well characterized and understood. Processes, standards, procedures, tools, etc. are defined at the organizational (Organization X ) level. Proactive.
Quantitatively Managed
Level 4
Processes are controlled using statistical and other quantitative techniques.
Optimizing
Proc
ess
Mat
urity
Process performance continually improved through incremental and innovative technological improvements.
10/04/23
Certifications Given by SEI (Software Engineering Institute) Enterprise Level (certifies a Maturity Level) Individual Level (CMMI Lead appraisal) Used Methods : Standard CMMI Appraisal
Method for Process Improvement (SCAMPI)
10/04/23
IT Best Practices, Frameworks & Standards
mappingCOBIT, ITIL, ISO2700x, CMMi
10/04/23
Deliver and Support(DS Process Domain)Deliver and Support(DS Process Domain)
Monitor and Evaluate(ME Process Domain)
Monitor and Evaluate(ME Process Domain)
Acquire and Implement(AI Process Domain)Acquire and Implement(AI Process Domain)
Plan and Organise(PO Process Domain)
Plan and Organise(PO Process Domain)
10/04/23
Deliver and SupportDeliver and SupportMonitor and EvaluateMonitor and Evaluate
Planning & Organization
Acquire and Implement
Planning & Organization
Acquire and ImplementPlan and OrganisePlan and OrganiseDefine Strategic IT Plan
Define Strategic IT Plan
Define IT ProcessesOrganisation and Relationships
Define IT ProcessesOrganisation and Relationships
Manage IT InvestmentManage IT
Investment
Determine Technological Direction
Determine Technological Direction
Communicate ManagementtAims and Direction
Communicate ManagementtAims and Direction
Manage IT HumanResource
Manage IT HumanResource
Assess and Manage IT Risks
Assess and Manage IT Risks
Manage ProjectsManage
Projects
ManageIT QualityManage
IT Quality
Identify Automated Solutions
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Acquire and Maintain Technology Infrastructure
Manage ChangeManage
Change
Install and Accredit Systems
Install and Accredit Systems
Enable operation and use
Enable operation and use
Manage Performance and Capacity
Manage Performance and Capacity
Ensure Continuous Service
Ensure Continuous Service
Ensure System Security
Ensure System Security
Identify and Allocate Costs
Identify and Allocate Costs
Manage Third-party Services
Manage Third-party Services
Define and Manage Service Levels
Define and Manage Service Levels
Educate and Train Users
Educate and Train Users
ManageOperationsManage
Operations
Manage ConfigurationManage
Configuration
Manage Service Deskand Incidents
Manage Service Deskand Incidents
Manage DataManage
Data
ManagePhysical environment
ManagePhysical environment
Manage ManageProblems
Manage ManageProblems
Monitor And EvaluateITPerformance
Monitor And EvaluateITPerformance
Monitor andEvaluateInternal Controls
Monitor andEvaluateInternal Controls
EnsureComplianceWith ExternalStandards
EnsureComplianceWith ExternalStandards
Provide ITGovernanceProvide IT
Governance
Define Information Architecture
Define Information Architecture
ITIL V2 mapping with COBIT 4.1ITIL V2 mapping with COBIT 4.1Service DeliveryService DeliveryService SupportService Support
Service DeskService
Desk
Incident ManagementIncident
Management
Change ManagementChange
Management
Release ManagementRelease
Management
Problem ManagementProblem
Management
ConfigurationManagementConfiguration
Management
Service Level Management
Service Level Management
Availability ManagementAvailability
Management
FinancialManagementFinancial
Management
Continuity ManagementContinuity
Management
CapacityManagementCapacity
Management
ProcureIT Ressources
ProcureIT Ressources
10/04/23
Deliver and SupportDeliver and SupportMonitor and EvaluateMonitor and Evaluate
Planning & Organization
Acquire and Implement
Planning & Organization
Acquire and ImplementPlan and OrganisePlan and OrganiseDefine Strategic IT Plan
Define Strategic IT Plan
Define IT ProcessesOrganisation and Relationships
Define IT ProcessesOrganisation and Relationships
Manage IT InvestmentManage IT
Investment
Determine Technological Direction
Determine Technological Direction
Communicate ManagementtAims and Direction
Communicate ManagementtAims and Direction
Manage IT HumanResource
Manage IT HumanResource
Assess and Manage IT Risks
Assess and Manage IT Risks
Manage ProjectsManage
Projects
ManageIT QualityManage
IT Quality
Identify Automated Solutions
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Acquire and Maintain Technology Infrastructure
Manage ChangeManage
Change
Install and Accredit Systems
Install and Accredit Systems
Enable operation and use
Enable operation and use
Manage Performance and Capacity
Manage Performance and Capacity
Ensure Continuous Service
Ensure Continuous Service
Ensure System Security
Ensure System Security
Identify and Allocate Costs
Identify and Allocate Costs
Manage Third-party Services
Manage Third-party Services
Define and Manage Service Levels
Define and Manage Service Levels
Educate and Train Users
Educate and Train Users
ManageOperationsManage
Operations
Manage ConfigurationManage
Configuration
Manage Service Deskand Incidents
Manage Service Deskand Incidents
Manage DataManage
Data
ManagePhysical environment
ManagePhysical environment
ManageProblemsManage
Problems
Monitor And EvaluateITPerformance
Monitor And EvaluateITPerformance
Monitor andEvaluateInternal Controls
Monitor andEvaluateInternal Controls
EnsureComplianceWith ExternalStandards
EnsureComplianceWith ExternalStandards
Provide ITGovernanceProvide IT
Governance
Define Information Architecture
Define Information Architecture
ITIL V2 mapping with COBIT 4.1ITIL V2 mapping with COBIT 4.1Service DeliveryService DeliveryService SupportService Support
Service DeskService
Desk
Incident ManagementIncident
Management
Change ManagementChange
Management
Release ManagementRelease
Management
Problem ManagementProblem
Management
ConfigurationManagementConfiguration
Management
Service Level Management
Service Level Management
Availability ManagementAvailability
Management
FinancialManagementFinancial
Management
Continuity ManagementContinuity
Management
CapacityManagementCapacity
Management
ProcureIT Ressources
ProcureIT Ressources
10/04/23
Deliver and SupportDeliver and SupportMonitor and EvaluateMonitor and Evaluate
Planning & Organization
Acquire and Implement
Planning & Organization
Acquire and ImplementPlan and OrganisePlan and OrganiseDefine Strategic IT Plan
Define Strategic IT Plan
Define IT ProcessesOrganisation and Relationships
Define IT ProcessesOrganisation and Relationships
Manage IT InvestmentManage IT
Investment
Determine Technological Direction
Determine Technological Direction
Communicate ManagementtAims and Direction
Communicate ManagementtAims and Direction
Manage IT HumanResource
Manage IT HumanResource
Assess and Manage IT Risks
Assess and Manage IT Risks
Manage ProjectsManage
Projects
ManageIT QualityManage
IT Quality
Identify Automated Solutions
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Acquire and Maintain Technology Infrastructure
Manage ChangeManage
Change
Install and Accredit Systems
Install and Accredit Systems
Enable operation and use
Enable operation and use
Manage Performance and Capacity
Manage Performance and Capacity
Ensure Continuous Service
Ensure Continuous Service
Ensure System Security
Ensure System Security
Identify and Allocate Costs
Identify and Allocate Costs
Manage Third-party Services
Manage Third-party Services
Define and Manage Service Levels
Define and Manage Service Levels
Educate and Train Users
Educate and Train Users
ManageOperationsManage
Operations
Manage ConfigurationManage
Configuration
Manage Service Deskand Incidents
Manage Service Deskand Incidents
Manage DataManage
Data
ManagePhysical environment
ManagePhysical environment
ManageProblemsManage
Problems
Monitor And EvaluateITPerformance
Monitor And EvaluateITPerformance
Monitor andEvaluateInternal Controls
Monitor andEvaluateInternal Controls
EnsureComplianceWith ExternalStandards
EnsureComplianceWith ExternalStandards
Provide ITGovernanceProvide IT
Governance
Define Information Architecture
Define Information Architecture
ITIL V3 mapping with COBIT 4.1ITIL V3 mapping with COBIT 4.1
ProcureIT Ressources
ProcureIT Ressources
10/04/23
Deliver and SupportDeliver and SupportMonitor and EvaluateMonitor and Evaluate
Planning & Organization
Acquire and Implement
Planning & Organization
Acquire and ImplementPlan and OrganisePlan and OrganiseDefine Strategic IT Plan
Define Strategic IT Plan
Define IT ProcessesOrganisation and Relationships
Define IT ProcessesOrganisation and Relationships
Manage IT InvestmentManage IT
Investment
Determine Technological Direction
Determine Technological Direction
Communicate ManagementtAims and Direction
Communicate ManagementtAims and Direction
Manage IT HumanResource
Manage IT HumanResource
Assess and Manage IT Risks
Assess and Manage IT Risks
Manage ProjectsManage
Projects
ManageIT QualityManage
IT Quality
Identify Automated Solutions
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Acquire and Maintain Technology Infrastructure
Manage ChangeManage
Change
Install and Accredit Systems
Install and Accredit Systems
Enable operation and use
Enable operation and use
Manage Performance and Capacity
Manage Performance and Capacity
Ensure Continuous Service
Ensure Continuous Service
Ensure System Security
Ensure System Security
Identify and Allocate Costs
Identify and Allocate Costs
Manage Third-party Services
Manage Third-party Services
Define and Manage Service Levels
Define and Manage Service Levels
Educate and Train Users
Educate and Train Users
ManageOperationsManage
Operations
Manage ConfigurationManage
Configuration
Manage Service Deskand Incidents
Manage Service Deskand Incidents
Manage DataManage
Data
ManagePhysical environment
ManagePhysical environment
Manage ProblemsManage
Problems
Monitor And EvaluateITPerformance
Monitor And EvaluateITPerformance
Monitor andEvaluateInternal Controls
Monitor andEvaluateInternal Controls
EnsureComplianceWith ExternalStandards
EnsureComplianceWith ExternalStandards
Provide ITGovernanceProvide IT
Governance
Define Information Architecture
Define Information Architecture
ISO 2700x Family mapping with COBIT 4.1ISO 2700x Family mapping with COBIT 4.1
ProcureIT Ressources
ProcureIT Ressources
10/04/23
Deliver and SupportDeliver and SupportMonitor and EvaluateMonitor and Evaluate
Planning & Organization
Acquire and Implement
Planning & Organization
Acquire and ImplementPlan and OrganisePlan and OrganiseDefine Strategic IT Plan
Define Strategic IT Plan
Define IT ProcessesOrganisation and Relationships
Define IT ProcessesOrganisation and Relationships
Manage IT InvestmentManage IT
Investment
Determine Technological Direction
Determine Technological Direction
Communicate ManagementtAims and Direction
Communicate ManagementtAims and Direction
Manage IT HumanResource
Manage IT HumanResource
Assess and Manage IT Risks
Assess and Manage IT Risks
Manage ProjectsManage
Projects
ManageIT QualityManage
IT Quality
Identify Automated Solutions
Identify Automated Solutions
Acquire and Maintain Application Software
Acquire and Maintain Application Software
Acquire and Maintain Technology Infrastructure
Acquire and Maintain Technology Infrastructure
Manage ChangeManage
Change
Install and Accredit Systems
Install and Accredit Systems
Enable operation and use
Enable operation and use
Manage Performance and Capacity
Manage Performance and Capacity
Ensure Continuous Service
Ensure Continuous Service
Ensure System Security
Ensure System Security
Identify and Allocate Costs
Identify and Allocate Costs
Manage Third-party Services
Manage Third-party Services
Define and Manage Service Levels
Define and Manage Service Levels
Educate and Train Users
Educate and Train Users
ManageOperationsManage
Operations
Manage ConfigurationManage
Configuration
Manage Service Deskand Incidents
Manage Service Deskand Incidents
Manage DataManage
Data
ManagePhysical environment
ManagePhysical environment
Manage ManageProblems
Manage ManageProblems
Monitor And EvaluateITPerformance
Monitor And EvaluateITPerformance
Monitor andEvaluateInternal Controls
Monitor andEvaluateInternal Controls
EnsureComplianceWith ExternalStandards
EnsureComplianceWith ExternalStandards
Provide ITGovernanceProvide IT
Governance
Define Information Architecture
Define Information Architecture
CMMI for Development 1.3 mapping with COBIT 4.1CMMI for Development 1.3 mapping with COBIT 4.1
ProcureIT Ressources
ProcureIT Ressources
10/04/23
IT Best Practices, Standards & Frameworks Implementation
A pragmatical approach
10/04/23
Why Starting? Volunteer Motivation
Platform interconnection > new architecture > new processes
Motivation by constraint Regulations (Local, from EU, BASLE II, Solvency II,
…) Government initiative From a partner From a customer
By interest Customer Insurance
10/04/23
The Deming Cycle Plan
Scoping, Risk Assesment Risk Management Documentation
Do Resources Allocation Training Management Documentation
Check Project metrics Process metrics System Audit
Act Make Decision froms metrics
10/04/23
10/04/23
Comprehensive Approach to Improvement
Six σ
IT Operational Processes — ITIL
App. Development Processes — CMMI
Project Management Processes — PMI
1. Establish the Work
2. Align Roles With Work RACIRACI
3. Identify Appropriate Measures
4. Apply Governance
CobiT
Implementing IT Governance
10/04/23
10/04/23
Implementing IT Service Management
Service Delivery: Service-level
management Financial management Capacity management IT service continuity Availability management
Service Support: Incident management Problem management Change management Configuration
management Release management
Service Desk
Promote Change
10/04/23
• Integrate the management of change in the approach
• Involvement of management
• Motivate human resources
• Measure and improve the achievements
Enterprise Change Management
ManageChangeManageChange
10/04/23
OrganizationOrganizationCultureLeadershipSponsorship
PeoplePeopleEngagementTraining
ProcessesProcessesReuseAutomateTemplatesMeasure
TechnologyTechnologyITIL (at least)Configuration ManagementAsset ManagementService DeskSupervision toolCOBITExcel or IT Governance & Risk Management tool
Culture Program
10/04/23
eMedia Technologie
10/04/23
Software DistributionIndustry solutionsIT Service ManagementData ManagementWorkload Management
Business ConsultingB2B, B2C Business DevelopmentEnterprise Change ManagementCoachingIndustry Solutions
IT ConsultingIT ModernizationIT GovernanceIT Services ManagementIT Security ManagementApplication Management Business IntelligenceIT Infrastructure
Management
Questions - Réponses
10/04/23